In the wake of the Colonial Pipeline hack, the group behind it, DarkSide, went dark, disappearing from the world along with the websites attributable to them. No one seems to know what happened to DarkSide, but federal officials focused on cybersecurity and counterintelligence say the group could be back another day under a new hacking umbrella — maybe already is — and one lesson from the recent national security threat is that some of the biggest geopolitical rivals of the U.S. are not doing anything to stop these groups from proliferating.
Nation states are serving as safe havens for sophisticated criminal cyber actors and that is leading to an “increased blending of the threat,” said John Demers, assistant attorney general at the National Security Division at the Department of Justice, speaking on a CNBC Evolve livestream on Wednesday.
He said that is also a reason to believe that DarkSide could be back, or is still operating under a new name.
“When nation states aren’t doing their part to investigate and root out hacking activity happening within their borders, then any number of things could have been the answer to … what happened to the DarkSide infrastructure including that … they’re just off renaming themselves, so we’ll see.”
“Groups like that will come back,” he added. “Probably Darkside itself, those actors that comprise that group, will be back if they’re not already out there in other forms operating as we’re talking about.”